CVE-2023-53854
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ASoC: mediatek: mt8186: Fix use-after-free in driver remove path

When devm runs functions in the "remove" path for a device it runs them in the reverse order. That means that if you have parts of your driver that aren't using devm or are using "roll your own" devm w/ devm_add_action_or_reset() you need to keep that in mind.

The mt8186 audio driver didn't quite get this right. Specifically, in mt8186_init_clock() it called mt8186_audsys_clk_register() and then went on to call a bunch of other devm functions. The caller of mt8186_init_clock() used devm_add_action_or_reset() to call mt8186_deinit_clock() but, because of the intervening devm functions, the order was wrong.

Specifically at probe time, the order was:
1. mt8186_audsys_clk_register()
2. afe_priv->clk = devm_kcalloc(...)
3. afe_priv->clk[i] = devm_clk_get(...)

At remove time, the order (which should have been 3, 2, 1) was:
1. mt8186_audsys_clk_unregister()
3. Free all of afe_priv->clk[i]
2. Free afe_priv->clk

The above seemed to be causing a use-after-free. Luckily, it's easy to fix this by simply using devm more correctly. Let's move the devm_add_action_or_reset() to the right place.

In addition to fixing the use-after-free, code inspection shows that this fixes a leak (missing call to mt8186_audsys_clk_unregister()) that would have happened if any of the syscon_regmap_lookup_by_phandle() calls in mt8186_init_clock() had failed.
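The ordering described above, as an added userspace model (not kernel or driver code, and not part of the original record): a per-device stack of release actions that unwinds newest-first, run with the old and the fixed placement of the unregister action. The names `dev`, `devm_push`, `probe_remove` and the labels `unreg1`, `free2`, `put3` are hypothetical, and placing the failing lookup after step 3 is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: release actions are stacked per device and run
 * newest-first, as devm does on remove or when probe fails. */
struct dev { const char *act[8]; int n; char log[64]; };

static void devm_push(struct dev *d, const char *release) { d->act[d->n++] = release; }

static void devm_release_all(struct dev *d)
{
    while (d->n > 0) {
        strcat(d->log, d->act[--d->n]);
        strcat(d->log, " ");
    }
}

/* Step numbers follow the description: 1 = audsys clk register,
 * 2 = devm_kcalloc of the clk array, 3 = devm_clk_get of each clock. */
static int init_clock(struct dev *d, int fixed, int lookup_fails)
{
    /* step 1 happens here; it is not a devm call, so nothing is stacked */
    if (fixed)
        devm_push(d, "unreg1");  /* fixed placement: right after step 1 */
    devm_push(d, "free2");       /* step 2 */
    devm_push(d, "put3");        /* step 3 */
    return lookup_fails ? -1 : 0; /* models a failing syscon lookup */
}

/* Probe, then remove (or unwind a failed probe); returns the release order. */
static const char *probe_remove(struct dev *d, int fixed, int lookup_fails)
{
    memset(d, 0, sizeof(*d));
    if (init_clock(d, fixed, lookup_fails) == 0 && !fixed)
        devm_push(d, "unreg1");  /* old placement: in the caller, after step 3 */
    devm_release_all(d);
    return d->log;
}

int main(void)
{
    struct dev d;
    printf("old:                 %s\n", probe_remove(&d, 0, 0));
    printf("fixed:               %s\n", probe_remove(&d, 1, 0));
    printf("old, lookup fails:   %s\n", probe_remove(&d, 0, 1));
    printf("fixed, lookup fails: %s\n", probe_remove(&d, 1, 1));
    return 0;
}
```

With the old placement the unregister runs first (1, 3, 2) and is skipped entirely when the lookup fails; with the fixed placement it always runs last (3, 2, 1).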
Meta Information
Published: 2025-12-09
Last Modified: 2025-12-09
Generated: 2026-05-07
AI Q&A: 2025-12-09
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mediatek mt8186 *
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free issue in the MediaTek mt8186 audio driver within the Linux kernel. It occurs because the driver incorrectly manages the order of resource cleanup during device removal. Specifically, the driver uses devm_add_action_or_reset() improperly, causing resources to be freed in the wrong order, leading to a use-after-free condition. The problem arises because the removal functions are called in reverse order, but the driver did not account for this correctly, resulting in accessing freed memory. The fix involves adjusting the placement of devm_add_action_or_reset() to ensure resources are released in the correct order, also preventing a potential resource leak.


How can this vulnerability impact me?

This use-after-free vulnerability can lead to undefined behavior in the kernel, such as system crashes, memory corruption, or potential escalation of privileges if exploited. Since it affects the audio driver, it could cause instability or denial of service related to audio functionality on devices using the MediaTek mt8186 chipset. Exploiting this flaw might allow an attacker to execute arbitrary code within the kernel context or cause a system crash.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the use-after-free issue in the mediatek mt8186 audio driver. The fix involves correcting the order of devm resource management calls in the driver remove path, specifically moving devm_add_action_or_reset() to the correct place to prevent use-after-free and resource leaks.

